#!/bin/bash

# ----------------------------------------------------------------------
# Filename:   75678-auditctl-R.sh
# Version:    1.0
# Date:       2013/12/12
# Author:     yuanhui.shi
# Email:      yuanhui.shi@cs2c.com.cn
# Summary:    03系统安全功能-02审计功能-01auditctl-08使用选项R从文件导入规则，i选项忽略从文件读入规则时的错误
# Notes:      auditctl -R
# Copyright:  China Standard Software Co., Ltd.
# History：     
#             Version 1.0, 2013/12/12
#             -   The first one
# ----------------------------------------------------------------------

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

source ../../../lib/Echo.sh
source ./lib/cmd.sh
source ../../../lib/XmlParse.sh
source ./lib/Ssh.sh

function CleanData ()
{
  rm -rf rule
  rm -rf /tmp/tmp1
  rm -rf /tmp/tmp2
  auditctl -D &>/dev/null
  echo "" >/var/log/audit/audit.log
  EchoInfo "75678-auditctl-R.sh执行完毕"
}

trap "CleanData" EXIT

auditctl -D &>/dev/null
echo "-w /etc/shadow -k shadow-file -p rwxa" >rule
echo "-a exit,never -S mount" >>rule

auditctl -R rule &>/dev/null
auditctl -l >/tmp/tmp1
[ "`auditctl -l |wc -l`" == 2 ]
EchoResult "成功从文件导入规则"

echo "-ll,always -f——G" >>rule

auditctl -R rule &>/dev/null
auditctl -l >/tmp/tmp2
[ "`cat /tmp/tmp1`" == "`cat /tmp/tmp2`" ]
EchoResult "不能从文件导入错误规则，已存在的规则不会重复导入"
